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Finding roots of polynomials over finite fields 
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Abstract 



In this paper we propose an improved algorithm for finding roots of polynomials over finite fields. 

o ; 

fSJ i This makes possible significant speed up of the decoding process of BCH, Reed-Solomon and some 

£h , other error-correcting codes. 

Hi ■ 

Index Terms 

Chien search, error locator polynomial, p-polynomial, linearized polynomial, affine polynomial, 
C/3 . BCH code, Reed-Solomon code 

i o i . 

I. Introduction 

m : 

CO , It is well known that one of the most time-consuming stages of decoding process of Reed- 

O ■ 

' Solomon, BCH and some other codes is finding roots of the error-locator polynomial. The most 

o : 

widely known root finding algorithm is Chien search method, which is a simple substitution of 
all elements of the field into the polynomial, so it has very high time complexity for the case 

O ■ 

of large fields and polynomials of high degree. 
^ . In [1] it was shown that every polynomial of degree not higher than 5 can be transformed 

into a canonical form with one or two parameters, so it is possible to construct tables for finding 



roots. Moreover, if some roots are located in the same cyclotomic coset, it is possible to eliminate 
them using Euclidean algorithm. In their recent paper [2] Truong, Jeng and Reed proposed a 
transformation which allows grouping of some summands of the polynomial of degree not higher 
than 11 into multiples of affine polynomials. Since affine polynomials can be easily evaluated 
using very small pre-computed tables, it is possible to speed up computations. However, their 
algorithm suffers from some drawbacks: 

1) It can be applied only to polynomials of degree not higher than 11; 



July 24, 2001 



DRAFT 



IEEE TRANSACTIONS ON COMMUNICATIONS, VOL. 50, NO. 11, NOVEMBER 2002 



2 



2) Transformation of the polynomial is required. Transformation proposed by authors (y = 
x + hi h f° r polynomial F{x) = Yll=o h x% ) can not be applied if f 7 = 0, so root finding 
algorithm becomes more complicated; 

3) After transformation the polynomial contains summand /io2/ 10 + fgy 9 (and f 6 x 6 if trans- 
formation failed). Evaluation of it still requires usage of Chien's algorithm. 

In this paper we propose a common approach which can be used for decomposition and fast 
evaluation of any polynomial. We describe it for the case of GF(2 m ), but our results can be 
generalized for the case of arbitrary field. This technique can be used in realization of Chien 
search. 

Root finding problem can be formally stated as finding all distinct Xi : F(xi) = 0, F(x) = 

Xi, fj e GF(2 m ). Chien search algorithm solves it by evaluation of F(x) at all x G C7F(2 m )\0 
with the time complexity 

W=(C add + C mul )t(2 m -l), (1) 

where C a M and C mu i are the time complexities of one addition and multiplication in the finite 
field respectively. The algorithm described below reduces cost of one polynomial evaluation 
using special reordering of field elements. 

II. Fast polynomial evaluation algorithm 

Before description of the algorithm let us first consider some definitions and properties. 
Definition 1: A polynomial L(y) over GF(2 m ) is called a p-polynomial for p = 2 if 

L(y) = Y J Liy 2 \L l eGF(2 m ). 

i 

These polynomials are also called linearized polynomials. The following lemma describes the 
main property of p-polynomials. 

Lemma 1 ([3]): : Let y e C7F(2 m ) and let a ,..., a™" 1 be a standard basis. If 

m—1 

y = Y,Vka\ y k eGF(2) 

and L(y) = ^ L jV 2 ^ then 
j 

m—1 

L(y) = J2y k H* k ). 

k=0 
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A polynomial A(y) over GF(2 m ) is called an affine polynomial if A(y) = L(y) + /3, (5 e 
GF{2 m ), where L(y) is a p-polynomial. The above lemma makes possible evaluation of affine 
polynomials A(x) with just one addition at each xi e GF(2 m ) if all Xi are ordered in their 
vector representation as Gray code. 

Definition 2: Gray code is an ordering of all binary vectors of length m such that only one 
bit changes from one entry to the next. 
So if Xi E GF(2 m ) are ordered as a Gray code 

(i.e. wt(xi — Xi-i) = 1, where wt(a) is the Hamming weight of a) the following holds: 



where S(xi, indicates position in which Xi differs from in its vector representation. If 
x = then A(x ) = f3 and the above equation describes the algorithm for evaluation of A(x) 
at all points of GF(2 m ). 

Example 1: Let us consider the case of GF(2 3 ) defined by the primitive polynomial n(a) = 
a 3 + Q! + l. One of many possible Gray codes is the sequence 000, 001, 011, 010, 110, 111, 101, 
100 or 0, 1, a 3 , a, a 4 , a 5 , a 6 , a 2 . So one needs to prepare a table of values L(a°), L(a l ), L(a 2 ). 
Then A(l) = A(0) + L(a°), A(a 3 ) = A(l) + L(a r ) and so on. 

This algorithm can be applied for evaluation of any polynomial if it is decomposed into a 
sum of affine multiples. 

Statement 1: Each polynomial F(x) = Y?j=ofj x *i 
fj G GF(2 m ) can be represented as 



where \a] is the smallest integer greater than or equal to a. 

Proof: Let k be the smallest integer such that 5k — 1 > t and assume that for all « > 
t fi = 0. Then the above equation can be represented as 



A(xi) = A(x i - 1 ) + L(Ai), Ai = Xi- = a' 



,S(xi,Xi-i) 



r(*-4)/5l 3 




i=0 j=0 



X 



F{x) = F k (x) = hx 3 + 
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For t — 4 (k — 1) this is obvious. Let us assume that F k (x) has been decomposed as described. 
Then F k+1 (x) = F k (x) + x 5k (f 5k + f 5k+1 x + f 5k+2 x 2 + f 5 k+4X 4 ) + x 5 ^' 1 ^ f 5{k - 1)+8 x 8 . The last 
summand of this expression can be grouped with the last summand of the decomposition of 
F k (x). U 
p-polynomials appearing in this decomposition have only 4 summands. In some cases intro- 
ducing additional summands can reduce the total amount of affine polynomials in the final 
decomposition. 

So the whole root finding algorithm is as follows: 

1) Compute Lf ] = L, t (a k ), k = [0; m - 1], 

% G [0; \(t — 4)/5~|], where Li(x) are p-polynomials appearing in the above decomposition: 

Li{x) = Ylj=o fr>i+2o x 2 ; 

2) Initialize Af ] = f 5i ; 

3) Represent each Xj E GF(2 m ), j e [0; 2 m — 1] in standard basis as an element of Gray 
code with x = 0, compute = + Lf^'*^ , j e [1; 2 m - 1]; 

4) Compute F( Xj ) = hx) + Y}^'^ x f A ¥\ 

j G [1; 2 m - 1], and F(0) = / . If F(xj) = then Xj is a root of the polynomial. Note 
that the second summand of this sum can be computed using Horner's rule. 
The total time complexity of this algorithm consists of complexity of preliminary computations 
(first summand) and complexity of polynomial evaluation and is equal to 

W fast = m Y-f-] (4C mul + 3C add ) + 

(P±±] (2C add + C mul ) + 2C exp )(2 m - 1), (2) 

where C exp denotes the time complexity of one exponentiation over the finite field. 

III. Simulation results 

To demonstrate the efficiency of the new algorithm it has been implemented in C++ pro- 
gramming language, compiled with MS Visual C++ 6.0 compiler and software simulation on 
AMD Athlon 1700 XP processor on Windows XP operating system has been performed. The 
multiplication of field elements in GF(2 8 ) was implemented using tables of logarithms and 
antilogarithms. The computation times required to evaluate the polynomials at the field elements 
a , . . . , a 254 were averaged over 100000 computations and shown in Table 1. 
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17.2 


16.7 


14.9 


1.15 


7 


19.8 


18.2 


15.1 


1.31 


8 


22.2 


19.6 


15.2 


1.46 


9 


24.6 


20.3 


15.3 


1.60 


10 


27.2 


20.9 


17.3 


1.57 


11 


29.6 


20.6 


18.2 


1.62 


16 


42.3 




21.4 


1.97 


24 


61.8 




25.8 


2.39 


32 


81.4 




31.4 


2.59 



Note that speedup rates for Truong, Jeng and Reed method are significantly lower than 
shown in [2]. This is caused by different implementation of multiplication operation used in 
our simulations. 

Comparing expressions (1) and (2) and corresponding experimental results one can see that 
this algorithm can be up to 2.6 times faster than Chien search depending on implementation of 
operations over GF(2 m ). 

IV. Conclusions 

In this paper we proposed an algorithm for evaluation of arbitrary polynomials at many points 
of the finite field with significantly better performance than well-known Chien search. Sometimes 
performance of this algorithm can be further improved by construction of different polynomial 
decompositions. 

Acknowledgements 

The authors would like to thank the transactions editor for coding and communication the- 
ory application Prof. Vrjay K. Bhargava and the anonymous reviewers for their constructive 
comments. 

The first author (S. Fedorenko) would like to thank the Alexander von Humboldt Foundation 
for support the work presented in this paper. 



July 24, 2001 



DRAFT 



IEEE TRANSACTIONS ON COMMUNICATIONS, VOL. 50, NO. 11, NOVEMBER 2002 



6 



References 

[1] R.T. Chien, B.D. Cunningham, and LB. Oldham, "Hybrid methods for finding roots of a polynomial with application to 
BCH decoding," IEEE Transactions on Information Theory, vol. 15, no. 2, pp. 329-335, 1969. 

[2] T.-K. Truong, J.-H. Jeng, and I.S. Reed, "Fast algorithm for computing the roots of error locator polynomials up to degree 
11 in Reed-Solomon decoders," IEEE Transactions on Communications, vol. 49, no. 5, pp. 779-783, 2001. 

[3] E.R. Berlekamp, Algebraic coding theory, New York: McGraw-Hill, 1968. 



July 24, 2001 



DRAFT 



